<?php
ini_set('session.gc_maxlifetime', 7200); 
$sessionLifetime = 7200;
session_set_cookie_params([
  'lifetime' => 7200,
  'path' => '/',
  'domain' => $_SERVER['HTTP_HOST'],
  'secure' => isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on',
  'httponly' => true,
]);
header("Content-type:text/html;charset=utf-8");
define('token','yhalpomxhys0183');
if ($_SERVER['REQUEST_METHOD']!== 'POST') {
    header('HTTP/1.0 404 Forbidden');
    exit;
}
$auth_token = isset($_POST['token'])? $_POST['token'] : null;
if ($auth_token === null) {
    header('HTTP/1.0 404 Forbidden');
    exit;
}
if($auth_token != token) {
    header('HTTP/1.0 405 Forbidden');
    exit;
}
require 'cofd/common.php';
$user=$_POST['account2'];
$pass=$_POST['password2'];
$stmt = $conn->prepare("SELECT * FROM user WHERE username = ? AND password = ?");  
$stmt->bind_param("ss", $user, $pass); 
$stmt->execute();  
$result = $stmt->get_result(); 
$row = $result->fetch_assoc(); 
if ($result->num_rows > 0) {    
    $userId = htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8');
    setcookie('user_key_'.$userId,$userId, 0, '/');
    setcookie('user_key',$userId, 0, '/');
    setcookie('user_key2',$row['username'], 0, '/');
    session_start();
    $_SESSION['authorized'] = true;
    $_SESSION['expires_at'] = time() + $sessionLifetime;
    $_SESSION['user_id'] = $userId;
session_write_close();
    echo "<script>sessionStorage.setItem('user', '" . $userId . "');</script>";
    echo "<script>alert('right');location='./';</script>";  
} else {  
    echo "<script>alert('error!');location='./';</script>";  
}   
$stmt->close();  
$conn->close(); 
?>